FedRAMP – For Cloud Computing Q3

FedRAMP – For Cloud Computing Q3 FedRAMP – For Cloud Computing Q3

FedRAMP process

Initiate-Agency checks whether CSP has existing ATO from JAB/other agency if YES asks for the SA&A package for review, if NO initiates a request to tell FeRAMP PMO whether CSP will be pursing an agency ATO or JAB ATO

Apply: CSP applies to FeRAMP PMO to become FeRAMP Compliant or can be sponsored by an agency to become FeRAMP Compliant

Implement-CSP implements FedRAMP baseline security controls in accordance with their system categorization

Document- CSP develops an SSP to document controls-CMP, CP and CP Test

Access
- Categorize system
- 3PAO Create a Security Assessment Plan
- 3PAO Perform initial and periodic assessments of CSP security controls
- 3PAO Conduct security tests and produce a Security Assessment Report and POAM

Authorize-Agency reviews SA&A package (SAR, POAM and SSP) to other issue an ATO, Interim ATO, Denial an ATO or leverage existing ATO from JAB-(Agency ATO or JAB ATO)

Monitor
- Agency and PMO staff review continuous monitoring artifacts available in the FedRAMP secure repository periodically
- CSPs make continuous monitoring artifacts available in the FedRAMP secure repository

Report-Agencies report CSP who they think cannot meet FeRAMP requirement
Main FedRAMP page h t tp://cloud.cio .gov /f e d r a mp
Cloud system most of the time are categorized as Moderate or Low
All the templates are provided on the main FedRAMP page

Quizzes

Basic IT Concept Quiz Q3

Certified Authorization Professional Exam Q3

error: Content is protected !!